opsec in the blogosphere in the blogosphere ... small arms fire (saf) 279 23.3% 2. ... •a kind of...

1UNCLASSIFIED // FOUO

UNCLASSIFIED // FOUO

U.S. Army 1U.S. Army 1stst Information Operations CommandInformation Operations Command

OPSEC in the OPSEC in the BlogosphereBlogosphere

11stst BN BN -- Vulnerability Assessment Division (VAD)Vulnerability Assessment Division (VAD)



PurposePurpose

To emphasize the critical nature of protecting sensitive information from enemy exploitation and provide information for implementation of an Army OPSEC Training Program consistent with recent guidance issued by the CSA



Agenda

• Threat

• OPSEC

• Blogs and the Internet

• Summary



OPSEC Definition of ThreatOPSEC Definition of ThreatOPSEC Definition of Threat

“Capability of a potential enemy to limit or negate mission accomplishment or to neutralize or reduce the effectiveness of a current of projected organization or material item.” Two types of threat information are required:

•Intelligence collection threat•Combat capability threat

AR 530-1



•Combinations•Combinations of all of the above•Long Term•Short Term

Categories of ThreatCategories of ThreatCategories of Threat

EXTERNAL

DOMESTIC

TRADITIONALNON TRADITIONAL

Foreign Governments Foreign Intelligence Services (FIS)

Al QaedaWarlords

Hackers Militia Groups

Drug CartelMedia



Adaptive, cunning, and learning Adversary ... unlike most previous experiences

Paramilitary, Insurgent, Radical, Terrorist Paramilitary, Insurgent, Radical, Terrorist Threats Active in OIF/OEF TheatersThreats Active in OIF/OEF Theaters

Source: http://www.centcom.mil/CENTCOMNews & http://casualties.org/oif/stats.aspx, 5 OCT 04

1. Small arms fire (SAF) 279 23.3%2. Improvised explosive device (IED) attack 219 18.3%3. Hostile-ambush 62 5.2%4. Hostile-vehicle borne (VBIED) 55 4.6%5A. Hostile-helicopter shot down/downed 53 4.4%5B. Hostile-mortar attack 53 4.4%6. Hostile-rocket propelled grenade (RPG) attack 50 4.2%7. Hostile-vehicle accident 25 2.1%8. Hostile-helicopter crash (missile attack) 22 1.8%9. Hostile- sniper fire 17 1.4%10. Hostile-rocket attack 14 1.2%

(Coalition Force (CF) Invasion through 5 OCT 04, includes all CF Casualties killed in action)



VulnerabilitiesVulnerabilities



OPSEC DefinedOPSEC Defined

•A process of identifying Essential Elements ofFriendly Information (EEFI) and subsequently analyzing friendly actions attendant to military operations and other activities to:

•Identify those actions that can be observed by adversary intelligence systems•Determine indicators Adversary intelligence systems might obtain that could be interpreted or pieced together to derive EEFI in time to be useful to adversaries•Select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly action to adversary exploitation



Critical InformationCritical Information

What they are looking for:

1. Names/photographs of important people2. Present and future U.S. capabilities3. Meetings of top officials4. News about U.S. diplomacy5. U.S. positions6. Important government places7. Information about military facilities:

LocationUnitsWeapons usedFortifications & tunnelsAmount of lightingExterior size and shapeNumber of soldiers & officersAmmunition depot locationsLeave policiesBrigades and names of companiesDegree & speed of mobilization



What is a Blog?What is a Blog?What is a Blog?

A frequent, chronological publication of personal thoughts and Web links; a journal:

•a mixture of what is happening in a person's life and what is happening on the Web•a kind of hybrid diary/guide site•there are as many unique types of blogs as there are people



Military BloggingMilitary BloggingMilitary Blogging



Internet CafeInternet CafeInternet Cafe

Internet Cafes can be found on military bases, generally operated by MWR or private businesses when located outside the installation



Blog OPSEC Concerns & IssuesBlog OPSEC Concerns & IssuesBlog OPSEC Concerns & Issues

• Posting sensitive photographs to the internet (especially those showing the results of IED strikes, battle scenes, casualties, and destroyed or damaged equipment)

• Providing information which enhances the enemy’s targeting process

• Exploitation

• OPSEC is everyone’s responsibility• While they are therapeutic, they are also a snap-shot in time and

the whole world is reading…



DOD Guidance and LegalitiesDOD Guidance and Legalities

•DOD Guidance states that an OPSEC review will be conducted prior to public release

•An OPSEC review is an evaluation of a document to ensure protection of sensitive or critical information.

• The following publications and memorandums address the issue

– AR 530-1, Operations Security, 3 Mar 95– DoDD 5230.9, Clearance of DoD Information for Public

Release, 21 Nov 03– Numerous SecDef, Secretary of the Army, CofS, and

other official messages



11stst Amendment IssuesAmendment Issues

As an active-duty service member, you have free speech rights, but these rights are limited. Here are some basic guidelines to what you can and can’t say and do as a member of the military. You have the right to …

• Read anything you want• Write letters to newspapers• Publish your own newspaper, as long as you don’t

use military supplies or equipment to do so



DoD Website OPSEC GuidanceDoD Website OPSEC Guidance

Terror Alert Notice

14 Jan 2003R 141553Z JAN 03 FM SECDEF WASHINGTON DC TO ALDODACT INFO RUEKJCS/SECDEF WASHINGTON DC//DASD SIO//SECURITY// UNCLAS ALDODACT 02/03 ADDRESSEES PASS TO ALL SUBORDINATE COMMANDS

SUBJECT: WEB SITE OPSEC DISCREPANCIES

1. AN AL QAEDA TRAINING MANUAL RECOVERED IN AFGHANISTAN STATES: "USING PUBLIC SOURCES OPENLY AND WITHOUT RESORTING TO ILLEGAL MEANS, IT IS POSSIBLE TO GATHER AT LEAST 80% OF INFORMATION ABOUT THE ENEMY." AT MORE THAN 700 GIGABYTES, THE DOD WEB-BASED DATA MAKES A VAST, READILY VAILABLE SOURCE OF INFORMATION ON DOD PLANS, PROGRAMS, AND ACTIVITIES. ONE MUST CONCLUDE OUR ENEMIES ACCESS DOD WEB SITES ON A REGULAR BASIS.

2. THE FACT THAT FOR OFFICIAL USE ONLY (FOUO) AND OTHER SENSITIVE UNCLASSIFIED INFORMATION (E.G., ONOPS, OPLANS, SOP) CONTINUES TO BE FOUND ON PUBLIC WEB SITES INDICATES THAT TOO OFTEN DATA POSTED ARE INSUFFICIENTLY REVIEWED FOR SENSITIVITY AND/OR INADEQUATELY PROTECTED. OVER 1500 DISCREPANCIES WERE FOUND DURING THE PAST YEAR. THIS CONTINUING TREND MUST BE REVERSED.

3. THE DOD WEB SITE ADMINISTRATION POLICY (LINK AT WWW.DEFENSELINK.MIL/WEBMASTERS) REQUIRES THAT INFORMATION BE REVIEWED FOR DATA SENSITIVITY PRIOR TO WEB POSTING AND PROTECTED ACCORDINGLY. THIS REVIEW IS TO BE ACCOMPLISHED IN ACCORDANCE WITH DOD DIRECTIVE 5230.9, CLEARANCE OF DOD INFORMATION FOR PUBLIC RELEASE, AND DOD INSTRUCTION 5230.29, SECURITY AND POLICY REVIEW OF DOD INFORMATION FOR PUBLIC RELEASE, AND MUST INCLUDE OPERATIONS SECURITY (OPSEC) CONSIDERATIONS AS DEFINED BY DOD DIRECTIVE 5205.2, DOD OPERATIONS SECURITY (OPSEC) PROGRAM.

4. USING THE OPSEC PROCESS IN A SYSTEMATIC WAY AND THINKING ABOUT WHAT MAY BE HELPFUL TO AN DVERSARY PRIOR TO POSTING ANY INFORMATION TO THE WEB COULD ELIMINATE MANY VULNERABILITIES. THE INTERAGENCY OPSEC SUPPORT STAFF (IOSS) CAN PROVIDE PROFESSIONAL ASSISTANCE WITH THE OPSEC PROCESS (SEE WWW.IOSS.GOV). LIMITING DETAILS IS AN EASILY APPLIED COUNTERMEASURE THAT CAN ECREASE VULNERABILITIESWHILE STILL CONVEYING THE ESSENTIAL INFORMATION. SECURITY AND ACCESS PROTECTIONS MUST BE APPLIED ACCORDING TO THE SENSITIVITY OFDATA FOR BOTH WEB PAGES AND WEB-ENABLED APPLICATIONS. UNPUBLISHED ADDRESSES (URLS) AND UNLINKED WEB PAGES DO NOT PROVIDE SECURITY. SEE PART V, TABLE 1 OF THE WEB SITE ADMINISTRATION POLICY FOR FURTHER GUIDANCE.

5. HEADS OF COMPONENTS ARE RESPONSIBLE FOR MANAGEMENT OF INFORMATION PLACED ON COMPONENT WEBSITES. THEY MUST ENSURE THAT WEBSITE OWNERS TAKE RESPONSIBILITY FOR ALL CONTENT POSTED TO THEIR WEBSITES. WEBSITE OWNERS MUST REDOUBLE THEIR EFFORTS TO: A. VERIFY THAT

Terrorist manual - 80% of information about enemy gathered openly

SECDEFSECDEF’’s Jan 03 OPSEC Messages Jan 03 OPSEC Message

1500 discrepancies during past year

Review information prior to posting – include OPSEC

Use OPSEC process – “Who is the intended audience?”

Commanders responsible for content & verification of need

Provide security training for those responsible for content



DA OPSEC Guidance DA OPSEC Guidance –– Feb 03Feb 03

COMMANDERS AT ALL LEVELS MUST:

REVIEW THEIR WEBPAGES, ENSURE THEY ARE OPSEC COMPLIANT

APPLY THE OPSEC REVIEW PROCESS OUTLINED IN AR530-1

LIMIT DETAILS ABOUT SPECIFIC CAPABILITIES OR READINESS

ENSURE REVIEWING OFFICIALS AND WEBMASTERS ARE OPSEC TRAINED

ENSURE ALL ARMY WEB SITES ARE REGISTERED

VERIFY VALID MISSION NEED TO DISSEMINATE THE INFORMATION POSTED

AWRAC & 1st IO CMD SEARCH, IDENTIFY & REPORT WEBSITE OPSEC CONCERNS



CSA OPSEC Guidance CSA OPSEC Guidance –– Dec 03Dec 03

CSA OPSEC Memo dated 4 Dec 03• Protecting information is vital to Army

success.• “For Official Use Only” (FOUO) will be the

standard marking for all unclassified products which, if released to the public, could cause harm to Army Operations or personnel including, but not limited to, force protection, movement and readiness data, and evolving tactics, techniques, and procedures. Where feasible, information that bears protection should be moved …. to the SIPRNET.”

• Do not assist the adversary by providing open source information.



Real-Time BlogRealReal--Time BlogTime Blog

Not Logged In? Who’s Online Now. You are here: 3 Doors Down Message Board Search Results SubjectAuthorLast PostBoard Do you have a question for Gregg……xxxx..13-Jun-2005 #:24:45 PM

Questions for the band: Searched 8 forums

posted on 13-Jun-2005 3:24:45 PM I have a question for the whole band.

Gentlemen, I am with the 1st Brigade 101st ABN (AASLT) div stationed at Ft Campbell, KY. I was wondering what you have planned for the 20th of Sep 05. We are planning a family event for all the soldiers and their families prior to our return to Iraq. I understand that you are busy and may have other obligations but I thought I would ask. You have been very supportive of the soldiers in the past and it is very much appreciated. It would mean a lot to these soldiers and their families if you could make some sort of appearance. Many of us are returning for our second or third time and the strain on the families has been tough to say the least. Please let me know either way. Thank you for your time and consideration.

Name and Titled Deleted 101st ABN Div (AASLT), Bastogne"



RealReal--Time BlogTime Blog

"It is Monday again and we are still at K-2 airfield in Bayji. As a squadron, we are 'demonstrating a military presence.' That means the troops set up checkpoints and stop hundreds of cars, searching them and the people. They keep taking these 'detainees' or EPWsand I have partial responsibility for the 'jail', which is a building here on the airfield. But we are not set up for this. MPs are supposed to come and get them almost immediately but they take a while. Plus the Civil Affairs/Counter Intelligence teams that are supposed to talk to them don't know crap and the whole thing borders on a war crime. I am just trying to find blankets and light and medical care for the prisoners.

Does this blog provide too much information?



Serviceman DemotedServiceman DemotedServiceman Demoted

• Leonard Clark, 40, was demoted from specialist to private first class and fined $1,640, said Col. Bill Buckner, a spokesman for the Multi-National Corps-Iraq

• Soldiers in Iraq are allowed to maintain blogs or Web sites but cannot post information about Army operations or movements. They also are barred from posting information about the death of a soldier whose family hasn't yet been notified

Guardsman punished for allegedly posting classified informationThe Associated Press Updated: 8:25 a.m. ET Aug. 2, 2005 PHOENIX - An Arizona National Guardsman serving in Iraq has been demoted for posting classified information on his Internet Web log, an Army official said Monday.



“Jihadi Information Battalion”““Jihadi Information BattalionJihadi Information Battalion””

• To stop communicating with one another by email entirely and instead use the site’s web-forum.

• To only use public computers that cannot be in any way linked to them.

• To use anonymous IP address websites in order to mask their identity while navigating.

• To not publish any of their identifying information in their online forum registration or in their forum posts

This website explains that Jihadists have been authorized by God to break the control of the media from the Zionists.



Jihadist Use of Open SourceJihadist Use of Open SourceJihadist Use of Open Source

Image on the right was seen on a Jihadist website inMay 2005. It is an image taken by a soldier andposted to a BLOG.

Image on the left is another example. It was also posted to a Jihadist website in May 2005. The Arabic caption reads: “G (RPG-7) 7 Nothing happened to it due to its use of reactive armor".



US Equipment VulnerabilitiesUS Equipment Vulnerabilities

Driver of Alpha 41 (the luckiest STRYKER Driver in Mosul

This is the result of a medium sized-IED on our main scanning vehicle, The Buffalo. While no one was injured, it was still a sad day to see our most armored vehicle knocked out

Thanks to the 10 panes of ballistic glass in each window, no one was hurt in this blast.

HMMWV



SummarySummarySummary• DOD Guidance

– Prior to posting information in the public domain, it should have an OPSEC review by the OPSEC officer IAW AR 530-1

• Military Operations and Exercises information:– Unit readiness specificity– Tactics, Techniques, and Procedures

• Personnel Information:– Identifying family members and military personnel-specific details– Disciplinary actions

• Proprietary Information and Scientific:– Critical technology– Test & Evaluation and Research & Development of existing equipment

• Intelligence Information:– Communications Intelligence– Sources and Methods– Protection of identities of undercover Intelligence Officers, Agents, Informants, etc

• Other Information:– Outsourcing studies– Administrative dispute resolutions

Information you have access to, though UNCLASSIFIED, has value to an adversary



QUESTIONS?

opsec in the blogosphere in the blogosphere ... small arms fire (saf) 279 23.3% 2. ... •a kind of...

Documents